Bug 1297827

Summary: [RFE] Support non-root OVS (including DPDK)
Product: Red Hat Enterprise Linux 7 Reporter: Aaron Conole <aconole>
Component: openvswitchAssignee: Aaron Conole <aconole>
Status: CLOSED CURRENTRELEASE QA Contact: qding
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: aconole, aloughla, atragler, fleitner, jean-mickael.guerin, mleitner, qding, rkhan, sukulkar, tredaelli, vincent.jardin
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvswitch-2.8.0-1.el7fdb Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-16 13:11:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1297820, 1317889    

Description Aaron Conole 2016-01-12 14:50:41 UTC 
Description of problem:

As part of the '--user' feature to run Open vSwitch as non-root user, the /var/run/openvswitch directory which is created by systemd will have incorrect ownership. 

Version-Release number of selected component (if applicable):

2.5

How reproducible:

100%

Attempting to start openvswitch as a non-root user will expose the issue. A workaround exists by manually creating /var/run/openvswitch and assigning permissions before running 'systemctl start openvswitch'
Comment 4 Flavio Leitner 2017-02-20 14:13:29 UTC 
Note: OVS-DPDK still requires root privileges to work.
Comment 6 Aaron Conole 2017-08-02 18:19:23 UTC 
https://mail.openvswitch.org/pipermail/ovs-dev/2017-August/336558.html posted
Comment 7 Aaron Conole 2017-08-09 20:49:09 UTC 
This series was accepted, and will be available as part of 2.8
Comment 11 qding 2017-11-22 09:48:36 UTC 
Reproduced:

[root@dell-per730-05 run]# rpm -q openvswitch
openvswitch-2.7.3-2.git20171010.el7fdp.x86_64
[root@dell-per730-05 run]# ls -ld /var/run/openvswitch
drwxr-xr-x. 2 root root 140 Nov 22 04:35 /var/run/openvswitch
[root@dell-per730-05 run]# 
[root@dell-per730-05 run]# ps aux | grep ovs
root      18502  0.0  0.0  50524  2640 ?        S<s  04:34   0:00 ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --ll
og-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
root      18546  0.0  0.0  54252 15140 ?        S<Ls 04:34   0:00 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach



Verified:

[root@dell-per730-04 run]# rpm -q openvswitch
openvswitch-2.8.0-4.el7fdb.x86_64
[root@dell-per730-04 run]# ls -ld /var/run/openvswitch/
drwxr-xr-x. 2 openvswitch hugetlbfs 340 Nov 22 03:56 /var/run/openvswitch/
[root@dell-per730-04 run]# 
[root@dell-per730-04 ~]# ps aux | grep ovs
openvsw+   2885  0.0  0.0  59360  2764 ?        S<s  03:56   0:00 ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --user openvswitch:hugetlbfs --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
openvsw+   2950  0.0  0.0  63256 18008 ?        S<Ls 03:56   0:00 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --user openvswitch:hugetlbfs --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
Comment 12 Flavio Leitner 2018-02-16 13:11:31 UTC 
Closing resolved bugs.